US EditionFortune 500 Companies Exploited To Fund North Korea’s Nuclear Program Through 'Mafia'-Style Cybercrime Operations: Report
- North Korean hackers, aided by the Lazarus Group, used fake US companies to infiltrate Fortune 500 firms and launch malware targeting crypto developers in 2025.
- This cybercrime campaign evolved from North Korea’s intensified strategy involving over 90 top IT graduates forced to launder stolen cryptocurrency for nuclear funding.
- The network deploys deceptive remote employment scams using fake portfolio websites and aliases to gain blockchain and engineering jobs worldwide.
- Nisos highlighted the network’s consistent use of lion-themed avatars and fabricated testimonials as evidence of coordinated DPRK-affiliated fraud activities.
- These operations generate hundreds of millions annually, directly funding Kim Jong Un’s weapons programs and posing significant security and financial risks globally.
11 Articles
11 Articles
'This is the mafia' — How North Korea structures its IT workers like an organized crime syndicate
A detailed report on North Korea’s cyber-crime operations has revealed the inner workings and structure behind Kim Jong Un’s plan to evolve a highly lucrative scheme in which trained tech workers infiltrate American and European businesses. The North Korean IT workers send nearly their entire salaries home to fund the regime’s nuclear weapons program, using AI as a key tool. Meanwhile, North Korea has pitted its IT workers against each other to …
'National Cyber Capability Index' 2nd China, 13th North Korea Finance is 1st... 7th Korea, Defense 22nd 'lowest rank' China, 'THAAD deployment' Hacking cases approaching 7,000 in 2017... North Korea attacks virtual asset exchanges and game companies "New government must enact cybersecurity law"... "Specific countries
South Korea and EU agree to counter North Korean crypto theft
Pressed by global cyberthreats, not least Pyongyang’s habit of stealing cryptocurrency, South Korea and the European Union plan to boost cooperation in response. Diplomats from the two sides designated North Korea as a major source of cybersecurity risks deserving their attention and agreed to further advance cyberpolicy consultations. Seoul and Brussels join forces to repel threats in the cyberspace Officials from South Korea and the EU have ag…
Kim Jong Un’s North Korea Runs Mafia-Like Cyber Operation Laundering 13,562 BTC Through U.S. Marketplace, Funds Nuclear Program
North Korea has developed a sophisticated and clandestine global cyber operation that experts compare to a mafia syndicate, according to a report by DTEX Systems. The regime, led by Kim Jong Un, employs thousands of IT professionals who infiltrate Western companies, including those in the U.S. and Europe, by stealing or faking identities to secure remote jobs. These workers funnel stolen and laundered cryptocurrency, including 13,562 bitcoins, t…
GBHackers On Security
Malware Analysis, News and IndicatorsDPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions
A alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic of Korea (DPRK). This network targets remote engineering and full-stack blockchain developer roles by impersonating Polish and US nationals. The threat actors behind this operation employ a range of deceptive tactics, including the use of […] The post DPRK IT Workers Impersonate Polish and US…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
